• Type: Bug
• Resolution: Duplicate
• Priority: Minor
• Component/s: git-plugin, ssh-agent-plugin
• Labels:

  • checkout
  • git
  • sshagent
• Environment:

  Jenkins 2.138.1 (from docker)
  plugins up-to-date as of 2018-10-02 17:00:00 UTC

[JENKINS-53877] sshagent + git checkout on local agent: ssh key not found

Thomas Riccardi created issue - 2018-10-02 17:24

Thomas Riccardi made changes - 2018-10-03 12:14

Description

Original: sshagent + git checkout doesn't seem to work: the `SSH_AUTH_SOCK` env var disappears from the git process environment, and thus the ssh-agent is not available to ssh started by git...   Scenario: - create a ssh key credentials `ssh-key` - create a pipeline job with Jenkinsfile: {code:groovy} node {     stage('Preparation') {         sshagent (['']) {             sh 'printenv'             sh 'ssh-add -l'             git 'git@github.com:foo/bar.git'         }     } } {code} - run created job Expected result: ssh started by git finds the correct ssh key via the ssh agent. Actual Result: - git fetch fails : no valid ssh key found - `ssh-add -l` works though, and shows the key added by `sshagent` Other tests: - `checkout` scm instead of `git` command: same behavior: it fails to find the key - direct `sh 'ssh -vvv git@github.com'` works More digging: - configure a git wrapper as `git` tool in global jenkins config to observe what happens: {code:bash} #!/bin/bash printenv >& /tmp/$$.git-env ssh-add -l >& /tmp/$$.git-ssh-add-list export GIT_TRACE=1 export GIT_SSH_COMMAND="ssh -vvv" git "${@}" {code} - run job again Result: - `ssh-add -l` fails: "Could not open a connection to your authentication agent." - `printenv` shows `SSH_AUTH_SOCK` env var is *not* here, which explains why the ssh agent is not usable/used So the remaining question is: why is the `SSH_AUTH_SOCK` env var removed when executing git commands ?

New: sshagent + git checkout doesn't seem to work: the `SSH_AUTH_SOCK` env var disappears from the git process environment, and thus the ssh-agent is not available to ssh started by git...   Scenario: - create a ssh key credentials `ssh-key` - create a pipeline job with Jenkinsfile: {code:groovy} node {     stage('Preparation') {         sshagent (['my-ssh-key']) {             sh 'printenv'             sh 'ssh-add -l'             git 'git@github.com:foo/bar.git'         }     } } {code} - run created job Expected result: ssh started by git finds the correct ssh key via the ssh agent. Actual Result: - git fetch fails : no valid ssh key found - `ssh-add -l` works though, and shows the key added by `sshagent` Other tests: - `checkout` scm instead of `git` command: same behavior: it fails to find the key - direct `sh 'ssh -vvv git@github.com'` works More digging: - configure a git wrapper as `git` tool in global jenkins config to observe what happens: {code:bash} #!/bin/bash printenv >& /tmp/$$.git-env ssh-add -l >& /tmp/$$.git-ssh-add-list export GIT_TRACE=1 export GIT_SSH_COMMAND="ssh -vvv" git "${@}" {code} - run job again Result: - `ssh-add -l` fails: "Could not open a connection to your authentication agent." - `printenv` shows `SSH_AUTH_SOCK` env var is *not* here, which explains why the ssh agent is not usable/used So the remaining question is: why is the `SSH_AUTH_SOCK` env var removed when executing git commands ?

Mark Waite made changes - 2020-07-02 22:16

Assignee

Original: Mark Waite [ markewaite ]

Jesse Glick made changes - 2021-03-10 16:57

Link

New: This issue duplicates JENKINS-30600 [ JENKINS-30600 ]

Jesse Glick made changes - 2021-03-10 16:57

Resolution		New: Duplicate [ 3 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Mark Waite made changes - 2021-11-02 03:35

Status

Original: Resolved [ 5 ]

New: Closed [ 6 ]